| Field | Value |
| --- | --- |
| VID | 28001 |
| Severity | 30 |
| Port | 139 |
| Protocol | TCP |
| Class | SMB |
| Detailed Description | The target host was found to have LAN Manager authentication enabled. LAN Manager (LM) and Windows NT LAN Manager (NTLM) are challenge/response-based protocols used for network authentication (or logon). LAN Manager authentication is the weaker of the two and its responses can be easily cracked by an attacker. References: http://www.iss.net/security_center/static/8.php. Platforms Affected: Windows 95/NT/2000: All Versions |
| Recommendation | Raise the LAN Manager Authentication Level. 1. Open the Registry Editor (type 'regedit' at the command prompt). 2. Go to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\LSA key. 3. Set the 'LMCompatibilityLevel' (LAN Manager Authentication Level) entry to the desired value (1 or 2) according to your administration policy. On Windows NT, also apply the latest Windows NT 4.0 Service Pack (SP4 or later), available from the Windows NT Service Packs Web page, http://support.microsoft.com/support/ntserver/Content/ServicePacks/. The values of this key indicate the following settings: 0 - Send both Windows NT authentication and LM authentication; 1 - Send Windows NT authentication, and LM authentication only if the server requests it; 2 - Never send LM authentication. If 2 is selected, the host cannot connect to servers that support only LM authentication, such as Windows 95 and Windows for Workgroups. |
| Related URL | (CVE) |
| Related URL | 6817 (SecurityFocus) |
| Related URL | (ISS) |